Method for providing virtual private network services between autonomous systems

US 8,774,047 B2
Filed: 02/13/2006
Issued: 07/08/2014
Est. Priority Date: 02/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing virtual private network (VPN) services between two or more autonomous systems, comprisingproviding an aggregation edge router in each of said two or more autonomous systems;

configuring a first aggregation edge router in a first autonomous system to be a routing peer of at least two ingress edge routers of packets, the first autonomous system being an autonomous system of the packets'"'"' ingress edge routers, such that first packet switched tunnels are established between the at least two ingress edge routers and the first aggregation edge router;

configuring the first aggregation edge router to be a routing peer of a second aggregation edge router in a second autonomous system, the second autonomous system being an autonomous system of at least two egress edge routers of the packets, such that a second packet switched tunnel is established between the aggregation edge routers;

configuring the second aggregation edge router to be a routing peer of the packets'"'"' egress edge router in the second autonomous system such that third packet switched tunnels are established between the at least two egress routers and the second aggregation edge router;

receiving, by the second aggregation edge router, a virtual private network-internet protocol (VPN-IP) route from the first aggregation edge router;

importing, by the second aggregation edge router, the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);

replacing, by the second aggregation edge router, associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the second aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;

setting, by the second aggregation edge router, a next hop attribute for the address to the second aggregation edge router; and

re-advertising, by the second aggregation edge router, the received VPN-IP route so modified by the replacing and setting, to the packet'"'"'s egress edge router;

wherein no end-to-end tunnel between the ingress edge router and the egress edge router of each of the packets is established for the virtual private network services.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to providing virtual private network (VPN) services between two or more Autonomic Systems (AS). An aggregation edge router (ASBR) is provided in two or more autonomous systems (Asx,Asy). The aggregation edge routers are configured such that routing peering between the two or more autonomous systems is done between the aggregation edge routers in these autonomous systems. Each aggregation edge router is a routing peer of other edge routers (PE) in its own autonomous system. The Multi-Protocol Label Switching (MPLS) network is used between the different autonomous systems.

Citations

14 Claims

1. A method for providing virtual private network (VPN) services between two or more autonomous systems, comprisingproviding an aggregation edge router in each of said two or more autonomous systems;
- configuring a first aggregation edge router in a first autonomous system to be a routing peer of at least two ingress edge routers of packets, the first autonomous system being an autonomous system of the packets'"'"' ingress edge routers, such that first packet switched tunnels are established between the at least two ingress edge routers and the first aggregation edge router;
  
  configuring the first aggregation edge router to be a routing peer of a second aggregation edge router in a second autonomous system, the second autonomous system being an autonomous system of at least two egress edge routers of the packets, such that a second packet switched tunnel is established between the aggregation edge routers;
  
  configuring the second aggregation edge router to be a routing peer of the packets'"'"' egress edge router in the second autonomous system such that third packet switched tunnels are established between the at least two egress routers and the second aggregation edge router;
  
  receiving, by the second aggregation edge router, a virtual private network-internet protocol (VPN-IP) route from the first aggregation edge router;
  
  importing, by the second aggregation edge router, the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
  
  replacing, by the second aggregation edge router, associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the second aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
  
  setting, by the second aggregation edge router, a next hop attribute for the address to the second aggregation edge router; and
  
  re-advertising, by the second aggregation edge router, the received VPN-IP route so modified by the replacing and setting, to the packet'"'"'s egress edge router;
  
  wherein no end-to-end tunnel between the ingress edge router and the egress edge router of each of the packets is established for the virtual private network services.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, further comprising:
    - establishing said first, second and third packet switched tunnels as separate label switched tunnels.
  - 3. The method as claimed in claim 1, further comprising:
    - using a Multi-Protocol internal Border Gateway Protocol between the packets'"'"' ingress edge routers and the first aggregation edge router;
      
      using a Multi-Protocol external Border Gateway Protocol between the first and second aggregation edge routers; and
      
      using a Multi-Protocol internal Border Gateway Protocol between the packets'"'"' egress edge router and the second aggregation edge router.
  - 4. The method as claimed in claim 1, further comprising:
    - receiving, at the first aggregation edge router, a VPN-IP route from one of the packets'"'"' ingress edge router in the same autonomous system;
      
      importing, by the first aggregation edge router, the VPN-IP route into the at least one appropriate VPN Routing and Forwarding table (VRF);
      
      replacing, by the first aggregation edge router, associated route attributes of the route by those configured to the at least one appropriate VRF in the first aggregation edge router;
      
      setting, by the first aggregation edge router, a next hop attribute for an address to the first aggregation edge router; and
      
      redistributing, by the first aggregation edge router, the VPN-IP route so modified to the second peer aggregation edge router in the autonomous system of the one of the packets'"'"' egress edge router.
  - 5. The method as claimed in claim 4, wherein the next hop attribute of the VPN-IP route is set to be an IP address of the aggregation edge router.
  - 6. The method as claimed in claim 1, wherein a Multi-Protocol Label Switching network is employed between the first and the second aggregation edge routers.

7. An edge router for providing virtual private network (VPN) services in an autonomous system, wherein said edge router is an aggregation edge router, comprising:
- means for establishing first packet switched tunnels between the aggregation edge router and each of at least two edge routers in an own autonomous system of the aggregation edge router, said first packet switched tunnels terminating at the aggregation edge router and the at least one other edge router;
  
  means for establishing a second packet switched tunnel between the aggregation edge router and a second aggregation edge router in another autonomous system of the aggregation edge router, said second packet switched tunnel terminating at the aggregation edge router and the second aggregation edge router;
  
  means for receiving a virtual private network-internet protocol (VPN-IP) route from the second aggregation edge router of the ingress edge router of a packet;
  
  means for importing the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
  
  means for replacing associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
  
  means for setting a next hop attribute for an address to the aggregation edge router; and
  
  means for re-advertising the received VPN-IP route, so modified by the means for replacing and means for setting, to the packet'"'"'s egress edge router located in the own autonomous system;
  
  wherein said first packet switched tunnels, and said second packet-switched tunnel are separate tunnels and no end-to-end tunnel passing via the aggregation edge router is established for the virtual private network services.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The router as claimed in claim 7, further comprising:
    - means for establishing said first and second packet switched tunnels as separate label switched tunnels.
  - 9. The router as claimed in claim 7, wherein the aggregation edge router is configured to use a Multi-Protocol internal Border Gateway Protocol between the aggregation edge router and the at least two edge routers in the own autonomous system;
    - andwherein the aggregation edge router is configured to use a Multi-Protocol external Border Gateway Protocol between the aggregation edge router and second aggregation edge router located in another autonomous system.
  - 10. The router as claimed in claim 7, further comprising:
    - means for receiving a VPN-IP route from one of the ingress edge routers of a packet in the own autonomous system; and
      
      means for redistributing the VPN-IP route, so modified, to the second, aggregation edge router in the autonomous system of the packets'"'"' egress edge routers.
  - 11. The router as claimed in claim 7, wherein the next hop attribute of the VPN-IP route is set to be an IP address of the aggregation edge router.
  - 12. The router as claimed in claim 7, wherein a Multi-Protocol Label Switching network is employed between the first and second aggregation edge routers.
  - 13. The router as claimed in claim 7, wherein said aggregation edge router is provided at an Autonomous System Border Router.

14. An autonomous system configured to provide virtual private network services between different autonomous systems, the autonomous system comprising:
- at least two edge routers configured to be one of an ingress edge router of a packet and an egress edge router of the packet;
  
  a first aggregation edge router provided with reachability information to the edge routers and reachability information to a second aggregation edge router in another autonomous system;
  
  wherein the edge routers are provided with reachability information only to the first aggregation edge router;
  
  wherein the edge router and the first aggregation edge router are configured to be routing peers so that tunnels terminating to the first aggregation edge router are established between the edge router and the first aggregation edge router,wherein the first aggregation edge router is further configured to be a routing peer with the second aggregation edge router so that a further tunnel terminating to the first aggregation edge router is established between the first aggregation edge router and the second aggregation edge router;
  
  wherein the second aggregation edge router is further configured to;
  
  receive a virtual private network-internet protocol (VPN-IP) route from the first aggregation edge router;
  
  import the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
  
  replace associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the second aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
  
  set a next hop attribute for an address to the second aggregation edge router; and
  
  re-advertise the received VPN-IP route so modified by the replacing and setting, to the packet'"'"'s egress edge router; and
  
  wherein no end-to-end tunnel passing via said first aggregation edge router to the edge routers is established for the virtual private network services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coriant Oy (Infinera Corp.)
Original Assignee
Teliasonera AB
Inventors
Kulmala, Marko, Hallivuori, Ville, Soini, Jyrki
Primary Examiner(s)
Sefcheck, Gregory
Assistant Examiner(s)
MITCHELL, DANIEL D

Application Number

US11/884,253
Publication Number

US 20080267187A1
Time in Patent Office

3,067 Days
Field of Search

None
US Class Current

370/254
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/50   using label swapping, e.g. ...

Method for providing virtual private network services between autonomous systems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing virtual private network services between autonomous systems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links